summaryrefslogtreecommitdiff
path: root/bin/admin.pl
diff options
context:
space:
mode:
authorchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-03 05:13:21 +0000
committerchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-03 05:13:21 +0000
commit3ad50effa2b0caa4ee742ca6e30a70cbe1077878 (patch)
tree9d9f632e753990e81d2c2e8f9d89de466fef0ba4 /bin/admin.pl
parentaadceb81a6b63a1896b3150a4f6783bcc45a1157 (diff)
moving all user preferences into the central db. This will break current test installs or anyone running HEAD. Please see ledger-smb.conf. You will also need to create the central db (using Pg-central.sql) and set the admin user password (md5(something)). More info to be given on the legdger-smb-devel mailing list
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@479 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'bin/admin.pl')
-rwxr-xr-xbin/admin.pl214
1 files changed, 50 insertions, 164 deletions
diff --git a/bin/admin.pl b/bin/admin.pl
index 1922e692..222237e6 100755
--- a/bin/admin.pl
+++ b/bin/admin.pl
@@ -39,7 +39,7 @@ $menufile = "menu.ini";
use LedgerSMB::Form;
use LedgerSMB::Locale;
use LedgerSMB::User;
-
+use LedgerSMB::Session;
$form = new Form;
@@ -65,11 +65,7 @@ if (-f "bin/custom/$form->{script}") {
}
-
-
-
if ($form->{action}) {
-
&check_password unless $form->{action} eq 'logout';
&{ $form->{action} };
@@ -78,20 +74,9 @@ if ($form->{action}) {
# if there are no drivers bail out
$form->error($locale->text('No Database Drivers available!')) unless (LedgerSMB::User->dbdrivers);
- # create memberfile
- if (! -f ${LedgerSMB::Sysconfig::memberfile}) {
- open(FH, ">${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
- print FH qq|# LedgerSMB Accounting members
+ $root = LedgerSMB::User->new('admin');
-[root login]
-password=
-|;
- close FH;
- }
-
- $root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
-
- unless($root && $root->{password}) {
+ unless($root && $root->{password}){
&setup_initial_password();
exit;
}
@@ -193,8 +178,7 @@ sub login {
sub logout {
$form->{callback} = "$form->{script}?path=$form->{path}&amp;endsession=1";
- unlink "${LedgerSMB::Sysconfig::userspath}/adminhash";
- print qq|Set-Cookie: LedgerSMB=; path=/;\n|;
+ Session::session_destroy($form);
$form->redirect($locale->text('You are logged out'));
}
@@ -249,14 +233,12 @@ sub form_footer {
sub list_users {
- open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
-
- $nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
-
- if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
- $nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
- }
-
+ #currently, this is disabled, but will set a value in the central db
+ #$nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
+ #
+ #if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
+ # $nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
+ #}
while (<FH>) {
chop;
@@ -294,7 +276,7 @@ sub list_users {
$form->{title} = "LedgerSMB ".$locale->text('Accounting')." ".$locale->text('Administration');
- $form->{login} = "root login";
+ $form->{login} = "admin";
$form->header;
print qq|
@@ -373,7 +355,7 @@ sub form_header {
if ($form->{login}) {
# get user
- $myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+ %myconfig = %{LedgerSMB::User->fetch_config($form->{login})};
for (qw(company address signature)) { $myconfig->{$_} = $form->quote($myconfig->{$_}) }
for (qw(address signature)) { $myconfig->{$_} =~ s/\\n/\n/g }
@@ -486,7 +468,7 @@ sub form_header {
}
$user = $form->{login};
- $form->{login} = "root login";
+ $form->{login} = "admin";
$form->header;
$form->{login} = $user;
@@ -769,7 +751,7 @@ sub save {
# check for duplicates
if (!$form->{edit}) {
- $temp = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+ $temp = LedgerSMB::User->new($form->{login});
if ($temp->{login}) {
$form->error($locale->text('[_1] is already a member!', $form->{login}));
@@ -793,7 +775,6 @@ sub save {
# add base directory to $form->{templates}
$form->{templates} = "${LedgerSMB::Sysconfig::templates}/$form->{templates}";
-
$myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
# redo acs variable and delete all the acs codes
@@ -837,7 +818,7 @@ sub save {
$myconfig->{packpw} = 1;
- $myconfig->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath});
+ $myconfig->save_member($form);
# create user template directory and copy master files
if (! -d "$form->{templates}") {
@@ -880,74 +861,6 @@ sub delete {
$form->{templates} = ($form->{templates}) ? "${LedgerSMB::Sysconfig::templates}/$form->{templates}" : "$templates/$form->{login}";
- $form->error($locale->text("[_1] locked!",
- ${LedgerSMB::Sysconfig::memberfile})) if (-f ${memberfile}.LCK);
-
- open(FH, ">${memberfile}.LCK") or $form->error("${memberfile}.LCK : $!");
- close(FH);
-
- if (! open(CONF, "+<${LedgerSMB::Sysconfig::memberfile}")) {
- unlink "${memberfile}.LCK";
- $form->error("${LedgerSMB::Sysconfig::memberfile} : $!");
- }
-
- @config = <CONF>;
-
- seek(CONF, 0, 0);
- truncate(CONF, 0);
-
- while ($line = shift @config) {
-
- chop $line;
-
- if ($line =~ /^\[/) {
- last if ($line eq "[$form->{login}]");
- $login = &login_name($line);
- }
-
- if ($line =~ /^templates=/) {
- ($null, $user{$login}) = split /=/, $line, 2;
- }
-
- print CONF "$line\n";
- }
-
- # remove everything up to next login or EOF
- # and save template variable
- while ($line = shift @config) {
-
- chop $line;
-
- ($key, $value) = split /=/, $line, 2;
- $myconfig{$key} = $value;
-
- last if ($line =~ /^\[/);
- }
-
- # this one is either the next login or EOF
- print CONF "$line\n";
-
- $login = &login_name($line);
-
-
- while ($line = shift @config) {
-
- chop $line;
-
- if ($line =~ /^\[/) {
- $login = &login_name($line);
- }
-
- if ($line =~ /^templates=/) {
- ($null, $user{$login}) = split /=/, $line, 2;
- }
-
- print CONF "$line\n";
- }
-
- close(CONF);
- unlink "${memberfile}.LCK";
-
# scan %user for $templatedir
foreach $login (keys %user) {
last if ($found = ($form->{templates} eq $user{$login}));
@@ -955,7 +868,6 @@ sub delete {
# if found keep directory otherwise delete
if (!$found) {
-
# delete it if there is a template directory
$dir = "$form->{templates}";
if (-d "$dir") {
@@ -964,16 +876,15 @@ sub delete {
}
}
- if ($myconfig{dbconnect}) {
+ my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
- $myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd};
- for (keys %myconfig) { $form->{$_} = $myconfig{$_} }
+ #users_conf
+ my $deleteUser = $dbh->prepare("DELETE FROM users_conf USING users WHERE users.username = ? and users.id = users_conf.id;");
+ $deleteUser->execute($form->{login});
- LedgerSMB::User->delete_login(\%$form);
-
- # delete config file for user
- unlink "${LedgerSMB::Sysconfig::userspath}/$form->{login}.conf";
- }
+ #and now users
+ $deleteUser = $dbh->prepare("DELETE FROM users WHERE username = ?;");
+ $deleteUser->execute($form->{login});
$form->redirect($locale->text('User deleted!'));
}
@@ -1035,68 +946,41 @@ sub change_password {
$form->error($locale->text('Passwords do not match!')) if $form->{new_password} ne $form->{confirm_password};
$root->{password} = $form->{new_password};
$root->{'root login'} = 1;
- $root->save_member(${LedgerSMB::Sysconfig::memberfile});
+ $root->save_member();
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Password changed!'));
}
-sub get_hash {
- use Digest::MD5;
- $form->{hash} = Digest::MD5::md5_hex rand();
-
-}
-
sub check_password {
- $root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
-
- if ($root->{password}) {
+ $root = LedgerSMB::User->new('admin');
- if ($form->{password}) {
+ if ($form->{password}) {
- $form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
- $form->{sessionid} = time;
+ $form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
- if ($root->{password} ne crypt $form->{password}, 'ro') {
- &getpassword;
- exit;
- }
-
- &get_hash;
-
- open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- print HASHFILE $form->{hash};
- print qq|Set-Cookie: LedgerSMB=$form->{hash}; path=/;\n|;
-
- } else {
-
- if ($ENV{HTTP_USER_AGENT}) {
-
- $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
- %cookie = split /[=;]/, $ENV{HTTP_COOKIE}; # Changeme to %cookies
- $cookie = ($form->{path} eq 'bin/lynx') ? $cookie{login} : $cookie{"LedgerSMB-root login"};
-
- #fixes problem with first login and such
- if (!(-f "${LedgerSMB::Sysconfig::userspath}/adminhash")) {
- &get_hash;
- open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- print HASHFILE $form->{hash};
- close(HASHFILE);
- }
-
- open (HASHFILE, "< ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- chomp($form->{hash} = <HASHFILE>);
- %cookies = split /[=;]/, $ENV{HTTP_COOKIE};
+ if ($root->{password} ne (Digest::MD5::md5_hex $form->{password}) ) {
+ &getpassword;
+ exit;
+ }
+ else{
+ Session::session_create($root);
+ }
+ }
+ else {
- if (! $cookie || $cookie ne $form->{sessionid} || $form->{hash} ne $cookies{LedgerSMB}) {
+ $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+ @cookies = split /;/, $ENV{HTTP_COOKIE};
+ foreach (@cookies) {
+ ($name,$value) = split /=/, $_, 2;
+ $cookie{$name} = $value;
+ }
- &getpassword;
- exit;
- }
- }
+ if(!Session::session_check($cookie{"LedgerSMB"}, $root)){
+ &getpassword(1);
+ exit;
}
}
-
}
@@ -1372,7 +1256,7 @@ sub dbcreate {
sub delete_dataset {
- if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form, ${LedgerSMB::Sysconfig::memberfile})) {
+ if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form)) {
foreach $item (sort @dbsources) {
$dbsources .= qq|<input name="db" class="radio" type="radio" value="$item" />&nbsp;$item |;
@@ -1463,7 +1347,8 @@ sub dbdelete {
sub unlock_system {
- unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
+ # This needs to be done with a db tool
+ # unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Lockfile removed!'));
}
@@ -1471,8 +1356,9 @@ sub unlock_system {
sub lock_system {
- open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
- close(FH);
+ # This needs to be done with a db tool
+ #open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
+ #close(FH);
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Lockfile created!'));
}